Tag Archives: CWE- 554

CWE-554 – ASP.NET Misconfiguration: Not Using Input Validation Framework

Read Time:16 Second

Description

The ASP.NET application does not use an input validation framework.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-1173

 

Consequences

Integrity: Unexpected State

Unchecked input leads to cross-site scripting, process control, and SQL injection vulnerabilities, among others.

 

Potential Mitigations

Phase: Architecture and Design

Description: 

CVE References